Verified Voting in the News

ome voters with disabilities will be able to cast their ballots on smart phones using blockchain technology for the first time in a U.S. election on Tuesday. But while election officials and mobile voting advocates say the technology has the potential to increase access to the ballot box, election technology experts are raising serious security concerns about the idea. The mobile voting system, a collaboration between Boston-based tech company Voatz, nonprofit Tusk Philanthropies and the National Cybersecurity Center, has previously been used for some military and overseas voters during test pilots in West Virginia, Denver and Utah County, Utah. Now, Utah County is expanding its program to include voters with disabilities in its municipal general election as well. Two Oregon counties, Jackson and Umatilla, will also pilot the system for military and overseas voters on Tuesday. The idea, according to Bradley Tusk, the startup consultant and philanthropist who is funding the pilots, is to increase voter turnout. “We can’t take on every interest group in Washington around the country and beat them, but I think what we can do is let the genie out of the bottle,” he says.

With a presidential election on the line in 2020, Georgia is switching to a new voting company, Dominion Voting Systems, that state evaluators ranked second-best and that critics said will leave elections vulnerable. Dominion, based in Denver, must rush to install 30,000 voting machines for 7 million Georgia voters before the March 24 presidential primary, the largest rollout of elections equipment in U.S. history. Most voters in Tuesday’s local elections will cast ballots on Georgia’s 17-year-old machines, and voters in six counties are testing Dominion’s machines. The company faces intense scrutiny in Georgia, one of the most competitive states in the nation entering an election year featuring President Donald Trump and two U.S. Senate seats on the ballot. The challenge for Dominion is to seamlessly introduce computer-printed paper ballots in a state criticized last year over allegations of vote flipping, missing voter registrations, precinct closures, long lines and voter purges. The swift transition to new voting equipment has raised eyebrows far from Georgia. “What Georgia is trying to do basically blows my mind,” said Dwight Shellman, an election official at the Colorado secretary of state’s office. His state adopted a Dominion system in 2016. “We had 2 1/2 years to do it, and it was challenging,” Shellman said. “I can’t imagine implementing the number of counties Georgia has in, what, two months? Three months?” Actually, the work will take eight months. But the challenge remains daunting.

Alex Halderman was researching election hacking a decade before the 2016 U.S. presidential race made it front-page news. The computer science professor at the University of Michigan brought change to India’s elections, turned a U.S. voting machine into a Pac-Man arcade game, and warned Congress twice about the vulnerabilities that await 2020’s U.S. elections. Yet he is bringing a decidedly low-tech solution – a return to the backup of a “paper trail” for ballots – to one of cybersecurity’s biggest challenges when he speaks to the top minds in artificial intelligence at the CyberSec & AI Prague conference in October. Halderman has researched elections in India, Estonia, Australia, and the United States and found that – as in other areas of modern life – tech can introduce as well as address cybersecurity problems. “Countries around the world are turning to computer technology and internet-connected systems to try to make elections better, but the fact is that opens up whole new categories of risk.”

Victoria’s Electoral Commissioner, Warwick Gately AM, says that Victoria should legislate to allow Internet voting because “there is an inevitability about remote electronic voting over the internet.” According to Mr Gately, the NSW iVote system has, “proven the feasibility of casting a secret vote safely and securely over the internet”. The key word here is “proven”. Anyone can claim that their system is secure and protects people’s privacy, but how would we know? Elections have special requirements. Ballot privacy is mandated by law. And elections must demonstrate that the result accurately reflects the choice of the people. So, what has iVote proven? In 2015, our team found that the iVote site was vulnerable to an internet-based attacker who could read and manipulate votes. The attack wouldn’t have raised any security warnings at either the voter’s or the NSW Electoral Commission (NSWEC) end, but it should have been apparent from iVote’s telephone-based verification. When the NSWEC claimed that “some 1.7 per cent of electors who voted using iVote® also used the verification service and none of them identified any anomalies with their vote,” we took that as reasonable evidence that the security problem hadn’t been exploited. But it wasn’t true.

Paperless voting machines are just waiting to be hacked in 2020. And “upgrading” to paper-based voting machines may sound like an oxymoron, but it’s something cybersecurity experts are urging election officials across the country to do. A POLITICO survey found that in 2018, hundreds of counties in 14 states used paperless voting machines — and almost half of the counties that responded to the survey said they don’t plan on changing that ahead of 2020. Security experts said paperless voting machines are vulnerable to hacking because they leave no paper trail and there’s no way to reliably audit the results when an error occurs. Thousands of Redditors joined us as cybersecurity reporter Eric Geller and voting security expert and University of Michigan professor J. Alex Halderman took on Reddit’s most pressing questions about the weaknesses in America’s election systems. We chatted about voting methods in various countries from the U.S. to India, how much the transition to paper ballots would cost, and even “Star Wars.”

While various high-tech solutions to secure electronic voting systems are being touted this week to election officials across the United States, according to infosec guru Bruce Schneier there is only one tried-and-tested approach that should be considered: pen and paper. It’s the only way to be sure hackers and spies haven’t delved in from across the web to screw with your vote. “Paper ballots are almost 100 per cent reliable and provide a voter-verifiable paper trail,” he told your humble Reg vulture and other hacks at Black Hat in Las Vegas on Thursday. “This isn’t hard or controversial. We use then all the time in Minnesota, and you make your vote and it’s easily tabulated.” The integrity of the election process depends on three key areas: the security of the voter databases that list who can vote; the electronic ballot boxes themselves, which Schneier opined were the hardest things to hack successfully; and the computers that tabulate votes and distribute this information.

The 2020 election could be vulnerable to another attack by hostile foreign actors if Senate Majority Leader Mitch McConnell (R-KY) continues to block election security legislation. Election integrity activists are urging Congress to take action after a bombshell report by the Senate Intelligence Committee found widespread attacks by the Russian government in the 2016 election. The Senate report detailed Russia’s far-reaching efforts to destabilize US democracy and get Donald Trump elected. Although the committee saw no evidence indicating that Russia had changed the actual vote tallies in the 2016 election, Vladimir Putin’s regime targeted all 50 states by researching “general election-related web pages, voter ID information, election system software, and election service companies.” Democrats in Washington have reached a roadblock in the Senate that has election integrity experts and grassroots organizers worried about its implications for 2020. Marian Schneider, president of Verified Voting, told WhoWhatWhy that the report proves that there can no longer be a dispute as to whether Russia actually interfered in the 2016 election.

Religious missionaries and active-duty military personnel will get to vote using their smartphones — some already have — as part of a pilot project during this year’s election for municipal offices in Utah County. Around 58 voters will be able take advantage of the program in the primary, estimates Utah County Clerk Amelia Powers. It’s an innovation she and other leaders hope will make it easier for overseas voters and for the state’s second-largest county to process their ballots. “It’s not a ton [of people] but it is enough that it helps with efficiency and manpower,” Powers said. “Even one voter overseas deserves to be able to cast their ballot anonymously and safely.” Members of the military and others living abroad have traditionally had to rely on absentee paper ballots. Now, eligible voters will be able to opt in to vote electronically when filling out their absentee ballot request and can cast their ballots through the Voatz app after completing their identity authentication.

Around 50 elections officials and analysts met at an outpost of the Lansing City Clerk’s office in June, eagerly awaiting the day’s activity: Piloting a relatively new method for ensuring accurate election results. The volunteers — from as near as Delta Township and as far as California — were there to learn an election audit method considered the “gold standard” for verifying votes as the nation barrels toward its first presidential election following widespread Russian tampering in 2016. The method is known as a risk-limiting audit, which essentially involves hand-counting a statistically significant sample of ballots to be confident election results are accurate. A spokesman for the Michigan Secretary of State said it’s one of a handful of techniques the state is testing ahead of the 2020 statewide election, when it will be required to audit elections across the state — a legacy of Proposal 3, the citizen-initiated constitutional amendment passed last November. The fact that the state is required to audit is a new phenomenon; before the amendment passed last fall, the state audited a fixed percentage of precincts after each election but wasn’t bound by law to do so. And that change is good news, elections security experts told Bridge. A robust post-election audit is one of the best ways the state can make sure state elections are protected against hacking or manipulation by foreign or domestic adversaries.

Florida Gov. Ron DeSantis recently made it official: when it comes to the security of America’s elections, we have seen the enemy… and it is us. Governor DeSantis forthrightly acknowledged that, according to the FBI, two Florida counties’ election systems were infected by malware in the 2016 elections. Reportedly, that malware was furtively installed on at least two county employees’ computers via a run-of-the-mill email “spearphishing” campaign. The malware installed then compromised county databases when those county employees used their computers to access their employers’ computer networks, allowing hackers to access vote and voter data stored elsewhere on those same networks. Fortunately, it appears that the malicious code was used “merely” to infect databases separate from voting machines themselves and other internal ballot-tallying systems.

Fifteen years after US President George W. Bush gave his “Mission Accomplished” address, Iraq continues its struggle for democracy. Regrettably, key institutions like its Independent High Electoral Commission have proven inefficient in laying the foundations for a thriving democracy. What is worst, they are failing to learn from their own recent experiences. In May 2018, Iraq headed to the polls for its first election in the post-ISIS era. What initially appeared to be a relatively decent election gradually emerged to have involved massive potential fraud, forcing a manual recount of the results of a failed electronic voting system. These botched elections cast into serious doubt Iraq’s ability to strengthen its own democratic institutions and conduct future election processes. The tragic episode of the 2018 elections could have had a positive spin, had authorities learned the lesson. However, the fact that they are mulling over the idea of using the same unreliable technology, is a sad testament to the struggle facing Iraq’s fragile, corrupt and inefficient institutions.

The FBI will brief Florida’s congressional members this week on Russian attempts to hack the 2016 election, after the Mueller report revealed last month that the election system of at least one Florida county was compromised. But even before details emerge, a former supervisor of elections in Florida is saying he is not surprised that the state’s system was compromised. Ion Sancho, the longtime former supervisor of elections of Leon County, said Friday on The Florida Roundup that Florida’s election infrastructure is, frankly, “not secure.” “It’s been clear to me that the election infrastructure, not only in Florida but in the country, is not secure,” he said.

What do attacks on the integrity of our voting systems, the census and the judiciary all have in common? They’re all intended to reduce our faith in systems necessary for our democracy to function, and they’re also targets of Russian propaganda efforts. To understand how these efforts can effectively undermine a democracy, it helps to think of a government as an information system. In this conceptualization, there are two types of knowledge that governments use to function. The first is what we call common political knowledge, which consists of the political information we all agree on. This includes things such as how the government works, how leaders are elected, and the laws that the courts uphold. This is contrasted with contested political knowledge, which are the things we disagree on: what the correct level of taxation should be, in what ways government should get involved in social issues, and so on. Both are essential in a democracy, because we draw upon our disagreements to solve problems. Different political groups work to advance their own agendas, and the inevitable compromises between those groups advance laws and policies. Uncertainty over who will be in power in the long term incents everyone to keep the whole system running. But for any of this to work, we need the shared knowledge of the rules by which society operates. We all have to agree on the rules for elections, the authority of regulatory agencies, and even what the dominant political parties are and what they stand for. When what previously has been common political knowledge becomes contested political knowledge, democracy itself is in jeopardy.

By design, tens of millions of votes are cast across America on machines that cannot be audited, where the votes cannot be verified, and there is no meaningful paper trail to catch problems – such as a major error or a hack. For almost 17 years, states and counties around the country have conducted elections on machines that have been repeatedly shown to be vulnerable to hacking, errors, breakdowns, and that leave behind no proof that the votes counted actually match the votes that were cast. Now, in a climate of fear and suspicion over attacks to America’s voting system sparked by Russia’s attacks on the 2016 elections, states and counties across the country are working to replace these outdated machines with new ones. The goal is to make the 2020 elections secure. “There’s a lot of work to do before 2020 but I think there’s definitely opportunities to make sure that the reported outcomes are correct in 2020,” said Marian Schneider, president of the election integrity watchdog Verified Voting. “I think that people are focusing on it in a way that has never happened before. It’s thanks to the Russians.” The purchases replace machines from the turn of the century that raise serious security concerns. But the same companies that made and sold those machines are behind the new generation of technology, and a history of distrust between election security advocates and voting machine vendors has led to a bitter debate over the viability of the new voting equipment – leaving some campaigners wondering if America’s election system in 2020 might still be just as vulnerable to attack.

In the wake of Robert Mueller’s investigation into Russian interference in the US electoral system, experts warn the nation is just as exposed as it was in 2016, raising new concerns about the 2020 presidential election. More than two years after intelligence agencies exposed Moscow’s efforts to exploit weaknesses in the US democratic system, technology companies and state governments have yet to come to terms with a foreign power’s meddling in domestic affairs of state. When it comes to the 2020 presidential vote, the US faces many of the same vulnerabilities that made its electoral system a prime target In 2016 — and perhaps some new ones, said Doug Lute, a former American ambassador to Nato and retired Army lieutenant-general who has taken up the cause of US election security. “We are more prepared in the sense that we are more aware. But we are little better prepared in terms of actual security,” said Mr Lute. He noted that Russia’s strategy in 2016 resembled an age-old Russian military doctrine: to attack on a broad front, assess strengths and weaknesses, then prepare to reattack vulnerabilities — a potentially dangerous scenario for 2020.

The 2018 midterm elections were hardly a glowing reflection on the state of America’s voting technology. Even after Congress set aside millions of dollars for state election infrastructure last year, voters across the country still waited in hours-long lines to cast their ballots on their precincts’ finicky, outdated voting machines. Now, a new report published by New York University’s Brennan Center for Justice finds that unless state governments and Congress come up with additional funding this year, the situation may not be much better when millions more Americans cast their vote for president in 2020. In a survey that the center disseminated across the country this winter, 121 election officials in 31 states said they need to upgrade their voting machines before 2020—but only about a third of them have enough money to do so. That’s a considerable threat to election security given that 40 states are using machines that are at least a decade old, and 45 states are using equipment that’s not even manufactured anymore. This creates security vulnerabilities that can’t be patched and leads to machines breaking down when the pressure’s on. The faultier these machines are, the more voters are potentially disenfranchised by prohibitively long lines on election day. “We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting up,” one South Carolina election official told the Brennan Center’s researchers, noting that he feels “lucky” to be able to find spare parts.

Secretary of State Jocelyn Benson today announced an Election Security Commission to recommend reforms and strategies for ensuring the security of elections in Michigan. The first-of-its-kind effort brings together 18 local and national experts on cybersecurity and elections to secure elections and protect the integrity of every vote. Together they will advise the secretary of state and Bureau of Elections on best practices. … The commission will convene in early April to begin its review and assessment of election security in Michigan. It later will host hearings throughout the state and invite citizen and expert input on election problems and security. The commission will deliver a set of recommended reforms and actions to the secretary of state by the end of 2019. Its work is funded through a federal grant for election security. Benson has named David Becker, executive director of the nonprofit Center for Election Innovation & Research, and J. Alex Halderman, professor of computer science and engineering at the University of Michigan, as co-chairs of the commission. It will be staffed and facilitated by designated secretary of state employees.

Election security experts in Texas and nationwide have been pushing for the use of paper ballots in elections to defend against cyber attacks and bolster public confidence in election results. The Texas Legislature has finally taken notice. This week, the Senate heard testimony on Sen. Bryan Hughes’s election security bill, which would require a paper record of every vote and implement post-election audits of every election. This change is long overdue—but the details matter. As a cybersecurity and elections security expert, I know those details well. In fact, my colleagues from across Texas are joining me in pushing for an even stronger bill. Legislators must recognize that paper ballots are the means to a much more important end: ensuring the final results are correct, even when sophisticated adversaries try to interfere. This requires implementing “risk limiting” post-election audits, where auditors randomly sample paper ballots to make sure they match up with the digital records. Discussion about “paper trails” and “voter-verified paper audit trails” can seem complicated. Unfortunately, not all paper trails are created equal. When it comes to elections, “paper” can mean three things: paper ballots filled out (“marked”) by hand, paper ballots marked by a machine (a “ballot-marking device”), or a paper receipt of some kind printed by an electronic voting machine. What makes a good paper ballot? It must be human-readable (not a bar code or other non-English symbols) and auditable (by human auditors, not just machine scanners). Voters must be able detect errors on machine-marked paper ballots and have opportunity to correct them (e.g., “spoil” the ballot and start over), as they can with hand-marked ballots.

For years security professionals and election integrity activists have been pushing voting machine vendors to build more secure and verifiable election systems, so voters and candidates can be assured election outcomes haven’t been manipulated. Now they might finally get this thanks to a new $10 million contract the Defense Department’s Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.

The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from special secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters don’t have to blindly trust that the machines and election officials delivered correct results.

But DARPA and Galois won’t be asking people to blindly trust that their voting systems are secure—as voting machine vendors currently do. Instead they’ll be publishing source code for the software online and bring prototypes of the systems to the Def Con Voting Village this summer and next, so that hackers and researchers will be able to freely examine the systems themselves and conduct penetration tests to gauge their security. They’ll also be working with a number of university teams over the next year to have them examine the systems in formal test environments.

One of the toughest things for the digital world to manage is keeping a transaction private while at the same time assuring everyone it has accurately recorded the deal. That’s what Virginia Wesleyan University mathematician Audrey Malagon, an adviser to the non-profit group Verified Voting, has been telling legislators. Her concern is with a particular transaction: voting when voters far from their polling place return their ballots electronically. Del. Nick Rush, R-Christiansburg, wants to launch a pilot program to allow military personnel serving overseas to do just that. He’s hoping the same kind of blockchain technology used in cybercurrency dealings will make it easier for them to vote. But the problem, Malagon told legislators, is preserving the anonymity of the voting booth or absentee ballot while letting both voter and vote-counter know that a vote was accurately recorded.